On Thu, Jul 15, 2021 at 03:20:56PM +0200, Marcus MERIGHI wrote:
> Hello!
>
> [email protected] (mabi), 2021.07.15 (Thu) 08:16 (CEST):
> > I was wondering with OpenSMTPD if it is possible to log the subject of
> > the mail in the maillog? Currently the from/to are being logged and I
> > wanted to also log the subject if possible.
>
> Daemons that handle the Simple Mail Transfer Protocol do not care about
> the content of the message. The Subject: is part of the content, as
> seen from the POV of the smtpd.
>
> Spam filters and local delivery agents inspect the content, though.
>
> I know you can make rspamd and dovecot-lda log the Subject:.
>
> Marcus

Moreover, as a practical matter there's no singularly *correct* way to identify the Subject header for malformed messages, which means the Subject displayed by your MUA may not be the same identified by the MTA. Mostly that's thanks to Microsoft Exchange and Outlook.

The traditional way to parse headers--as implemented by Sendmail and copied by *most* software--is to stop at the first line that is neither a header continuation (leading space) nor a valid start of header (field name + colon).[1] This matches a proper end-of-headers delimiter (empty line), as well as when a message begins without an end-of-headers break, usually with a line that does not parse as a header.

Microsoft Exchange and Outlook, though, have a lot of magic code to try to catch malformed header continuations (i.e. missing leading space) for Content-Type and similar headers. This means a malformed message can be parsed two different ways depending on the MTA or MUA. This allows smuggling not only different Subject headers, but entirely different bodies and attachments as you can effectively present different Content-Type, Content-Disposition, etc. headers to the parser.

Smart software should just do like Sendmail does. Or like GMail--which parses like Sendmail but also triggers protective measures when malformedness is detected (e.g. to help prevent sneaking a trojan attachment past the GMail scanner through to Microsoft Exchange or Outlook). But these are choices that can leave a large number of people dissatisfied. Better to not put yourself in the position of having to make that choice if you can help it, like when you're a simple MTA that focuses on SMTP, relying on user plugins to handle any and all message parsing.

[1] Sendmail was also tolerant of a leading Unix "From " line as typically inserted for Berkeley MBOX storage. A lot of older software also tolerates this, but plenty doesn't and you rarely see this in the wild anymore. Usually only locally if at all.
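
Added example, not part of the original message and not code from Sendmail, OpenSMTPD or GMail: a Python sketch of the traditional header split described above, which also flags a header block that ended without an empty line and lists the header-like lines stranded after that break. The function names, the `shadowed` field and the sample message are constructed for illustration.

```python
import re

# Start of a header field: printable ASCII name (no colon), then a colon.
FIELD_START = re.compile(r"^[\x21-\x39\x3b-\x7e]+[ \t]*:")

# Constructed sample: the fourth line is neither a field nor a continuation.
SAMPLE = (
    "From: a@example.org\n"
    "Subject: quarterly\n"
    " report\n"
    "this line is neither a field nor a continuation\n"
    "Subject: something else\n"
    "Content-Type: text/plain\n"
    "\n"
    "body text\n"
)

def split_headers(message):
    """Traditional split: return (header_lines, rest_lines, clean_break)."""
    lines = message.splitlines()
    for i, line in enumerate(lines):
        if line == "":
            return lines[:i], lines[i + 1:], True
        continuation = i > 0 and line[0] in " \t"
        if not (continuation or FIELD_START.match(line)):
            return lines[:i], lines[i:], False  # headers ended without a blank line
    return lines, [], True

def subject_of(header_lines):
    """First Subject field with its continuation lines unfolded."""
    value = None
    for line in header_lines:
        if value is not None and line[0] in " \t":
            value += " " + line.strip()
        elif value is not None:
            break
        elif line.partition(":")[0].strip().lower() == "subject":
            value = line.partition(":")[2].strip()
    return value

def inspect(message):
    """Report the Subject plus signs that another parser could disagree."""
    headers, rest, clean = split_headers(message)
    pending = rest[:rest.index("")] if "" in rest else rest
    shadowed = [] if clean else [l for l in pending if FIELD_START.match(l)]
    return {"subject": subject_of(headers), "malformed": not clean, "shadowed": shadowed}

if __name__ == "__main__":
    print(inspect(SAMPLE))
```

A filter or logging plugin can treat `malformed` as the trigger for stricter handling, since the `shadowed` lines are exactly what a more lenient parser might still read as headers.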
